Hacker News
by seanhunter 876 days ago
Every time someone says "for performance reasons" as a justification for wontfixing a security issue, a million bad guys rub their hands with glee.

If you can't do previews in a way that respects access permissions you shouldn't do them at all. This isn't a feature that is essential whereas security really is.

Moreover, you really can't possibly have a security scheme that relies on every user being aware of something. Someone will either not know or will know but forget or make a mistake. Systems should be robust enough to accommodate usage by actual humans.